https://bugzilla.redhat.com/show_bug.cgi?id=1033606
--- Comment #34 from Michal Fojtik mfojtik@redhat.com ---
Lokesh: I tried, but unfortunately it did not help. However, the behavior changed a bit (note I do a full reboot after the change).
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# docker run -i -t base/arch /bin/bash
lxc-start: failed to attach 'vethOjHimB' to the bridge 'docker0' : No such device
lxc-start: failed to create netdev
lxc-start: failed to create the network
lxc-start: failed to spawn '2331a2594cd703ca76f15bf382f0c2724b149c64c6529081cc767beb4c22868d'
After restarting Docker service:
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker run -i -t base/arch /bin/bash
[root@d50801ccec40 /]# ping google.com
ping: unknown host google.com
So the result is still the same :-(
BUT, I found the workaround:
[root@localhost ~]# firewall-cmd --add-masquerade
success
[root@localhost ~]# docker run -i -t base/arch /bin/bash
[root@f3b88e508538 /]# ping google.com
PING google.com (173.194.35.70) 56(84) bytes of data.
64 bytes from 173.194.35.70: icmp_seq=1 ttl=55 time=14.5 ms
So adding a MASQUERADE in firewalld seems to fix this problem. Can we make this call in the Docker service, or alternatively create a 'docker' zone in firewalld and enable MASQUERADE for this zone?